Comments

Community Chosen Answer

2

Don't know if this will help or not. I've found that using online shell scripts work a lot better when working with the macs. I found this on the 'net but can't remember its source and give credit to that person. Maybe it will help?

Yes, everything from KACE perspective supposedly works flawlessly for 10.6 and lower, but not 10.7+. The script you gave me earlier works well on 10.7 but requires the reboot.

I just got myself a Mac built with 10.6.8 i'm going to be testing your script and some others. Our problem is that more than 30% of 200 machines are 10.7 so if you hadn't provided that script, the KACE system for making setting changes on a mac might have been pointless.

So it looks like this isn't possible according to Dell Support. I spoke with a tech support agent this morning, he's saying the new security in Lion and Mountain Lion are preventing these scripts from running. Dell has no plans to support this until Apple changes their security requirements. This is truely unfortunate as there are a lot of things this could be useful for in our environment.

if anyone knows of another way to enforce password policies or pushing scripts out to Lion or Mountain Lion, I'd sure be appreciative of that conversation.

was reading and looks like a format error and found a couple of blurbs about trying this again.....
try escaping the quotes
osascript -e 'tell application \"System Events\" to set require password to wake of security preferences to false'

Without the sudo -u $userName part at the beginning of each line, the files were getting updated but System Preferences wouldn't reflect the change until after you restarted. When sudoing as the local user, it is reflected in System Prefs immediately, and more importantly, it is enforced immediately.

Edit: had to fix the formatting in my code above.

For an offline script, just take the same code above, add #!/bin/sh to the top, save it as "macscreensaver.sh" and make it a dependency. In the tasks, set Verify to always fail, and Remediation to:

Launch “$(KACE_DEPENDENCY_DIR)\macscreensaver.sh” with params “”

One thing to make sure of is that you are using the right kind of whitespace characters for your platform. I had a lot of problems getting this script to work as an offline KScript, because I had originally composed it in the web browser on my PC. When I copied and pasted the text into a .sh file and tried to run it on my Mac directly, I got syntax errors due to the different kind of CRLF characters at the end of each line.

New Edit 11/16/2016:

So Apple decided to make things easier for people in macOS 10.12 Sierra -- you no longer need the $hwUUID part to mess with ByHost preferences. Since I want this script to work on both Sierra and earlier versions, I just added the line to the bottom above done.

I also added 'killall cfprefsd' just to be sure that it will pickup the new versions of the files and not the cached ones.

Sorry, that might have been a copy and paste problem, or something else, that period isn't there in KACE. Either I recreated the script and it existed at one time, but it doesn't exist there now.

I'm guessing this might be an authentication problem? All mac's are on the Domain, all users are administrators on their own machine, but i can't get this to run. Even in the logging, it isn't outputting the On Success read and get information.

So moving on to another potential fix. KAce techsupport called me yesterday and sent me some of their ideas over night. Some aren't relevant, because as Steve said above, the sandbox thing looks to be the problem. Dell has also confirmed this as they've mentioned a new security feature in OS X 10.7+ that includes the .lockfile... so one suggestion was to try the following shell command:

Just something to keep in mind: I ran into this while trying to create a dialog box that I thought would keep the script from running until it received user input. The dialog box stayed on the screen but after about 2 minutes, the script jumped to the next line and continued to run.

So, if you get this error "29:80: execution error: Finder got an error: AppleEvent timed out. (-1712)", its generally because System Events won't wait any longer and will continue with the rest of the script. You have to define how long for it to delay before continuing or giving up.

Really hate to revive a thread that's been dead for four months, but were you ever able to find a method to get around the sandboxing and require the password via KACE? I'm trying to do the same thing for several hundred Macs.